API Version 2:
The requested path (anything after the /2/) must now be included when you compute your hashed signature (Rest-Sign) for added security.
This is how it was done for version 1:
You have your params(post_data) = the word nonce, followed by the actual nonce integer (params = [(u'nonce',nonce)])
You have your header made up of Rest-Key (your API-KEY) and Rest-Sign (a hashed signature)
Rest-Sign is created by doing : base64encode( HMAC hash( base64decoded(API-secret), the nonce, with SHA512 digest))
What differs in version 2 is now : BEFORE the nonce, you are adding the relative path you are requesting(ie: BTCUSD/money/ticker) + a NUL char (ascii code 0).
So in my python code below which is very readable you can see everything remains the same as API v1 except now we are using api2postdatatohash = path + chr(0) + post_data #new way to hash for API 2, includes path + NUL.
https://github.com/pipe2grep/GoxSharp C# lib for V2 API and socketIO
https://en.bitcoin.it/wiki/MtGox/API/HTTP#PHP The Perl example on the main page is compatible with v2